General
-
Target
e24c47ba37141e19d0343cddc0666f2e
-
Size
845KB
-
Sample
240327-zfr5qaeh8t
-
MD5
e24c47ba37141e19d0343cddc0666f2e
-
SHA1
79ded7b5f757f9f11d0c1674e18f6de0342c7ec6
-
SHA256
0dd4a217107132a83c2a17b9ee609dafcf3372a7b04e02421dade166c64a3c77
-
SHA512
95ddac734be7f9607c724dd940f6a66537d2fd62f714634a0472f8df8d5bd958466b19aaf25d15f44c698b1b0f33e154160d807d43793ae6a2bae7d38112480a
-
SSDEEP
24576:+aKbPp9AR95yayNEHYofwgKspbHUCwCOd4:qPpKRyaOEfweArx
Static task
static1
Behavioral task
behavioral1
Sample
e24c47ba37141e19d0343cddc0666f2e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e24c47ba37141e19d0343cddc0666f2e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.karanex.com
Port: 587
Username: [email protected]
Password: roz%KtT3
Targets
-
-
Target
e24c47ba37141e19d0343cddc0666f2e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-